1 /* $OpenBSD: mta_session.c,v 1.83 2016/05/22 16:31:21 gilles Exp $ */ 2 3 /* 4 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 5 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> 6 * Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net> 7 * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22 #include <sys/types.h> 23 #include <sys/queue.h> 24 #include <sys/tree.h> 25 #include <sys/socket.h> 26 #include <sys/uio.h> 27 28 #include <ctype.h> 29 #include <err.h> 30 #include <errno.h> 31 #include <event.h> 32 #include <imsg.h> 33 #include <inttypes.h> 34 #include <netdb.h> 35 #include <openssl/ssl.h> 36 #include <pwd.h> 37 #include <resolv.h> 38 #include <limits.h> 39 #include <signal.h> 40 #include <stdio.h> 41 #include <stdlib.h> 42 #include <string.h> 43 #include <time.h> 44 #include <unistd.h> 45 46 #include "smtpd.h" 47 #include "log.h" 48 #include "ssl.h" 49 50 #define MAX_TRYBEFOREDISABLE 10 51 52 #define MTA_HIWAT 65535 53 54 enum mta_state { 55 MTA_INIT, 56 MTA_BANNER, 57 MTA_EHLO, 58 MTA_HELO, 59 MTA_LHLO, 60 MTA_STARTTLS, 61 MTA_AUTH, 62 MTA_AUTH_PLAIN, 63 MTA_AUTH_LOGIN, 64 MTA_AUTH_LOGIN_USER, 65 MTA_AUTH_LOGIN_PASS, 66 MTA_READY, 67 MTA_MAIL, 68 MTA_RCPT, 69 MTA_DATA, 70 MTA_BODY, 71 MTA_EOM, 72 MTA_LMTP_EOM, 73 MTA_RSET, 74 MTA_QUIT, 75 }; 76 77 #define MTA_FORCE_ANYSSL 0x0001 78 #define MTA_FORCE_SMTPS 0x0002 79 #define MTA_FORCE_TLS 0x0004 80 #define MTA_FORCE_PLAIN 0x0008 81 #define MTA_WANT_SECURE 0x0010 82 #define MTA_USE_AUTH 0x0020 83 #define MTA_USE_CERT 0x0040 84 #define MTA_DOWNGRADE_PLAIN 0x0080 85 86 #define MTA_TLS_TRIED 0x0080 87 88 #define MTA_TLS 0x0100 89 #define MTA_VERIFIED 0x0200 90 91 #define MTA_FREE 0x0400 92 #define MTA_LMTP 0x0800 93 #define MTA_WAIT 0x1000 94 #define MTA_HANGON 0x2000 95 #define MTA_RECONN 0x4000 96 97 #define MTA_EXT_STARTTLS 0x01 98 #define MTA_EXT_PIPELINING 0x02 99 #define MTA_EXT_AUTH 0x04 100 #define MTA_EXT_AUTH_PLAIN 0x08 101 #define MTA_EXT_AUTH_LOGIN 0x10 102 103 struct mta_session { 104 uint64_t id; 105 struct mta_relay *relay; 106 struct mta_route *route; 107 char *helo; 108 109 int flags; 110 111 int attempt; 112 int use_smtps; 113 int use_starttls; 114 int use_smtp_tls; 115 int ready; 116 117 struct iobuf iobuf; 118 struct io io; 119 int ext; 120 121 size_t msgtried; 122 size_t msgcount; 123 size_t rcptcount; 124 int hangon; 125 126 enum mta_state state; 127 struct mta_task *task; 128 struct mta_envelope *currevp; 129 FILE *datafp; 130 131 size_t failures; 132 133 char replybuf[2048]; 134 }; 135 136 static void mta_session_init(void); 137 static void mta_start(int fd, short ev, void *arg); 138 static void mta_io(struct io *, int); 139 static void mta_free(struct mta_session *); 140 static void mta_on_ptr(void *, void *, void *); 141 static void mta_on_timeout(struct runq *, void *); 142 static void mta_connect(struct mta_session *); 143 static void mta_enter_state(struct mta_session *, int); 144 static void mta_flush_task(struct mta_session *, int, const char *, size_t, int); 145 static void mta_error(struct mta_session *, const char *, ...); 146 static void mta_send(struct mta_session *, char *, ...); 147 static ssize_t mta_queue_data(struct mta_session *); 148 static void mta_response(struct mta_session *, char *); 149 static const char * mta_strstate(int); 150 static void mta_start_tls(struct mta_session *); 151 static int mta_verify_certificate(struct mta_session *); 152 static struct mta_session *mta_tree_pop(struct tree *, uint64_t); 153 static const char * dsn_strret(enum dsn_ret); 154 static const char * dsn_strnotify(uint8_t); 155 156 void mta_hoststat_update(const char *, const char *); 157 void mta_hoststat_reschedule(const char *); 158 void mta_hoststat_cache(const char *, uint64_t); 159 void mta_hoststat_uncache(const char *, uint64_t); 160 161 static struct tree wait_helo; 162 static struct tree wait_ptr; 163 static struct tree wait_fd; 164 static struct tree wait_ssl_init; 165 static struct tree wait_ssl_verify; 166 167 static struct runq *hangon; 168 169 static void 170 mta_session_init(void) 171 { 172 static int init = 0; 173 174 if (!init) { 175 tree_init(&wait_helo); 176 tree_init(&wait_ptr); 177 tree_init(&wait_fd); 178 tree_init(&wait_ssl_init); 179 tree_init(&wait_ssl_verify); 180 runq_init(&hangon, mta_on_timeout); 181 init = 1; 182 } 183 } 184 185 void 186 mta_session(struct mta_relay *relay, struct mta_route *route) 187 { 188 struct mta_session *s; 189 struct timeval tv; 190 191 mta_session_init(); 192 193 s = xcalloc(1, sizeof *s, "mta_session"); 194 s->id = generate_uid(); 195 s->relay = relay; 196 s->route = route; 197 s->io.sock = -1; 198 199 if (relay->flags & RELAY_SSL && relay->flags & RELAY_AUTH) 200 s->flags |= MTA_USE_AUTH; 201 if (relay->pki_name) 202 s->flags |= MTA_USE_CERT; 203 if (relay->flags & RELAY_LMTP) 204 s->flags |= MTA_LMTP; 205 switch (relay->flags & (RELAY_SSL|RELAY_TLS_OPTIONAL)) { 206 case RELAY_SSL: 207 s->flags |= MTA_FORCE_ANYSSL; 208 s->flags |= MTA_WANT_SECURE; 209 break; 210 case RELAY_SMTPS: 211 s->flags |= MTA_FORCE_SMTPS; 212 s->flags |= MTA_WANT_SECURE; 213 break; 214 case RELAY_STARTTLS: 215 s->flags |= MTA_FORCE_TLS; 216 s->flags |= MTA_WANT_SECURE; 217 break; 218 case RELAY_TLS_OPTIONAL: 219 /* do not force anything, try tls then smtp */ 220 break; 221 default: 222 s->flags |= MTA_FORCE_PLAIN; 223 } 224 225 if (relay->flags & RELAY_BACKUP) 226 s->flags &= ~MTA_FORCE_PLAIN; 227 228 log_debug("debug: mta: %p: spawned for relay %s", s, 229 mta_relay_to_text(relay)); 230 stat_increment("mta.session", 1); 231 232 if (route->dst->ptrname || route->dst->lastptrquery) { 233 /* We want to delay the connection since to always notify 234 * the relay asynchronously. 235 */ 236 tv.tv_sec = 0; 237 tv.tv_usec = 0; 238 evtimer_set(&s->io.ev, mta_start, s); 239 evtimer_add(&s->io.ev, &tv); 240 } else if (waitq_wait(&route->dst->ptrname, mta_on_ptr, s)) { 241 m_create(p_lka, IMSG_MTA_DNS_PTR, 0, 0, -1); 242 m_add_id(p_lka, s->id); 243 m_add_sockaddr(p_lka, s->route->dst->sa); 244 m_close(p_lka); 245 tree_xset(&wait_ptr, s->id, s); 246 s->flags |= MTA_WAIT; 247 } 248 } 249 250 void 251 mta_session_imsg(struct mproc *p, struct imsg *imsg) 252 { 253 struct ca_vrfy_resp_msg *resp_ca_vrfy; 254 struct ca_cert_resp_msg *resp_ca_cert; 255 struct mta_session *s; 256 struct mta_host *h; 257 struct msg m; 258 uint64_t reqid; 259 const char *name; 260 void *ssl; 261 int dnserror, status; 262 263 switch (imsg->hdr.type) { 264 265 case IMSG_MTA_OPEN_MESSAGE: 266 m_msg(&m, imsg); 267 m_get_id(&m, &reqid); 268 m_end(&m); 269 270 s = mta_tree_pop(&wait_fd, reqid); 271 if (s == NULL) { 272 if (imsg->fd != -1) 273 close(imsg->fd); 274 return; 275 } 276 277 if (imsg->fd == -1) { 278 log_debug("debug: mta: failed to obtain msg fd"); 279 mta_flush_task(s, IMSG_MTA_DELIVERY_TEMPFAIL, 280 "Could not get message fd", 0, 0); 281 mta_enter_state(s, MTA_READY); 282 io_reload(&s->io); 283 return; 284 } 285 286 s->datafp = fdopen(imsg->fd, "r"); 287 if (s->datafp == NULL) 288 fatal("mta: fdopen"); 289 290 mta_enter_state(s, MTA_MAIL); 291 io_reload(&s->io); 292 return; 293 294 case IMSG_MTA_DNS_PTR: 295 m_msg(&m, imsg); 296 m_get_id(&m, &reqid); 297 m_get_int(&m, &dnserror); 298 if (dnserror) 299 name = NULL; 300 else 301 m_get_string(&m, &name); 302 m_end(&m); 303 s = mta_tree_pop(&wait_ptr, reqid); 304 if (s == NULL) 305 return; 306 307 h = s->route->dst; 308 h->lastptrquery = time(NULL); 309 if (name) 310 h->ptrname = xstrdup(name, "mta: ptr"); 311 waitq_run(&h->ptrname, h->ptrname); 312 return; 313 314 case IMSG_MTA_TLS_INIT: 315 resp_ca_cert = imsg->data; 316 s = mta_tree_pop(&wait_ssl_init, resp_ca_cert->reqid); 317 if (s == NULL) 318 return; 319 320 if (resp_ca_cert->status == CA_FAIL) { 321 if (s->relay->pki_name) { 322 log_info("%016"PRIx64" mta " 323 "event=closing reason=ca-failure", 324 s->id); 325 mta_free(s); 326 return; 327 } 328 else { 329 ssl = ssl_mta_init(NULL, NULL, 0, env->sc_tls_ciphers); 330 if (ssl == NULL) 331 fatal("mta: ssl_mta_init"); 332 io_start_tls(&s->io, ssl); 333 return; 334 } 335 } 336 337 resp_ca_cert = xmemdup(imsg->data, sizeof *resp_ca_cert, "mta:ca_cert"); 338 resp_ca_cert->cert = xstrdup((char *)imsg->data + 339 sizeof *resp_ca_cert, "mta:ca_cert"); 340 ssl = ssl_mta_init(resp_ca_cert->name, 341 resp_ca_cert->cert, resp_ca_cert->cert_len, env->sc_tls_ciphers); 342 if (ssl == NULL) 343 fatal("mta: ssl_mta_init"); 344 io_start_tls(&s->io, ssl); 345 346 explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); 347 free(resp_ca_cert->cert); 348 free(resp_ca_cert); 349 return; 350 351 case IMSG_MTA_TLS_VERIFY: 352 resp_ca_vrfy = imsg->data; 353 s = mta_tree_pop(&wait_ssl_verify, resp_ca_vrfy->reqid); 354 if (s == NULL) 355 return; 356 357 if (resp_ca_vrfy->status == CA_OK) 358 s->flags |= MTA_VERIFIED; 359 else if (s->relay->flags & F_TLS_VERIFY) { 360 errno = 0; 361 mta_error(s, "SSL certificate check failed"); 362 mta_free(s); 363 return; 364 } 365 366 mta_io(&s->io, IO_TLSVERIFIED); 367 io_resume(&s->io, IO_PAUSE_IN); 368 io_reload(&s->io); 369 return; 370 371 case IMSG_MTA_LOOKUP_HELO: 372 m_msg(&m, imsg); 373 m_get_id(&m, &reqid); 374 m_get_int(&m, &status); 375 if (status == LKA_OK) 376 m_get_string(&m, &name); 377 m_end(&m); 378 379 s = mta_tree_pop(&wait_helo, reqid); 380 if (s == NULL) 381 return; 382 383 if (status == LKA_OK) { 384 s->helo = xstrdup(name, "mta_session_imsg"); 385 mta_connect(s); 386 } else { 387 mta_source_error(s->relay, s->route, 388 "Failed to retrieve helo string"); 389 mta_free(s); 390 } 391 return; 392 393 default: 394 errx(1, "mta_session_imsg: unexpected %s imsg", 395 imsg_to_str(imsg->hdr.type)); 396 } 397 } 398 399 static struct mta_session * 400 mta_tree_pop(struct tree *wait, uint64_t reqid) 401 { 402 struct mta_session *s; 403 404 s = tree_xpop(wait, reqid); 405 if (s->flags & MTA_FREE) { 406 log_debug("debug: mta: %p: zombie session", s); 407 mta_free(s); 408 return (NULL); 409 } 410 s->flags &= ~MTA_WAIT; 411 412 return (s); 413 } 414 415 static void 416 mta_free(struct mta_session *s) 417 { 418 struct mta_relay *relay; 419 struct mta_route *route; 420 421 log_debug("debug: mta: %p: session done", s); 422 423 if (s->ready) 424 s->relay->nconn_ready -= 1; 425 426 if (s->flags & MTA_HANGON) { 427 log_debug("debug: mta: %p: cancelling hangon timer", s); 428 runq_cancel(hangon, NULL, s); 429 } 430 431 io_clear(&s->io); 432 iobuf_clear(&s->iobuf); 433 434 if (s->task) 435 fatalx("current task should have been deleted already"); 436 if (s->datafp) 437 fclose(s->datafp); 438 free(s->helo); 439 440 relay = s->relay; 441 route = s->route; 442 free(s); 443 stat_decrement("mta.session", 1); 444 mta_route_collect(relay, route); 445 } 446 447 static void 448 mta_on_timeout(struct runq *runq, void *arg) 449 { 450 struct mta_session *s = arg; 451 452 log_debug("mta: timeout for session hangon"); 453 454 s->flags &= ~MTA_HANGON; 455 s->hangon++; 456 457 mta_enter_state(s, MTA_READY); 458 io_reload(&s->io); 459 } 460 461 static void 462 mta_on_ptr(void *tag, void *arg, void *data) 463 { 464 struct mta_session *s = arg; 465 466 mta_connect(s); 467 } 468 469 static void 470 mta_start(int fd, short ev, void *arg) 471 { 472 struct mta_session *s = arg; 473 474 mta_connect(s); 475 } 476 477 static void 478 mta_connect(struct mta_session *s) 479 { 480 struct sockaddr_storage ss; 481 struct sockaddr *sa; 482 int portno; 483 const char *schema = "smtp+tls://"; 484 485 if (s->helo == NULL) { 486 if (s->relay->helotable && s->route->src->sa) { 487 m_create(p_lka, IMSG_MTA_LOOKUP_HELO, 0, 0, -1); 488 m_add_id(p_lka, s->id); 489 m_add_string(p_lka, s->relay->helotable); 490 m_add_sockaddr(p_lka, s->route->src->sa); 491 m_close(p_lka); 492 tree_xset(&wait_helo, s->id, s); 493 s->flags |= MTA_WAIT; 494 return; 495 } 496 else if (s->relay->heloname) 497 s->helo = xstrdup(s->relay->heloname, "mta_connect"); 498 else 499 s->helo = xstrdup(env->sc_hostname, "mta_connect"); 500 } 501 502 io_clear(&s->io); 503 iobuf_clear(&s->iobuf); 504 505 s->use_smtps = s->use_starttls = s->use_smtp_tls = 0; 506 507 switch (s->attempt) { 508 case 0: 509 if (s->flags & MTA_FORCE_SMTPS) 510 s->use_smtps = 1; /* smtps */ 511 else if (s->flags & (MTA_FORCE_TLS|MTA_FORCE_ANYSSL)) 512 s->use_starttls = 1; /* tls, tls+smtps */ 513 else if (!(s->flags & MTA_FORCE_PLAIN)) 514 s->use_smtp_tls = 1; 515 break; 516 case 1: 517 if (s->flags & MTA_FORCE_ANYSSL) { 518 s->use_smtps = 1; /* tls+smtps */ 519 break; 520 } 521 else if (s->flags & MTA_DOWNGRADE_PLAIN) { 522 /* smtp+tls, with tls failure */ 523 break; 524 } 525 default: 526 mta_free(s); 527 return; 528 } 529 portno = s->use_smtps ? 465 : 25; 530 531 /* Override with relay-specified port */ 532 if (s->relay->port) 533 portno = s->relay->port; 534 535 memmove(&ss, s->route->dst->sa, s->route->dst->sa->sa_len); 536 sa = (struct sockaddr *)&ss; 537 538 if (sa->sa_family == AF_INET) 539 ((struct sockaddr_in *)sa)->sin_port = htons(portno); 540 else if (sa->sa_family == AF_INET6) 541 ((struct sockaddr_in6 *)sa)->sin6_port = htons(portno); 542 543 s->attempt += 1; 544 if (s->use_smtp_tls) 545 schema = "smtp+tls://"; 546 else if (s->use_starttls) 547 schema = "tls://"; 548 else if (s->use_smtps) 549 schema = "smtps://"; 550 else if (s->flags & MTA_LMTP) 551 schema = "lmtp://"; 552 else 553 schema = "smtp://"; 554 555 log_info("%016"PRIx64" mta " 556 "event=connecting address=%s%s:%d host=%s", 557 s->id, schema, sa_to_text(s->route->dst->sa), 558 portno, s->route->dst->ptrname); 559 560 mta_enter_state(s, MTA_INIT); 561 iobuf_xinit(&s->iobuf, 0, 0, "mta_connect"); 562 io_init(&s->io, -1, s, mta_io, &s->iobuf); 563 io_set_timeout(&s->io, 300000); 564 if (io_connect(&s->io, sa, s->route->src->sa) == -1) { 565 /* 566 * This error is most likely a "no route", 567 * so there is no need to try again. 568 */ 569 log_debug("debug: mta: io_connect failed: %s", s->io.error); 570 if (errno == EADDRNOTAVAIL) 571 mta_source_error(s->relay, s->route, s->io.error); 572 else 573 mta_error(s, "Connection failed: %s", s->io.error); 574 mta_free(s); 575 } 576 } 577 578 static void 579 mta_enter_state(struct mta_session *s, int newstate) 580 { 581 struct mta_envelope *e; 582 size_t envid_sz; 583 int oldstate; 584 ssize_t q; 585 char ibuf[LINE_MAX]; 586 char obuf[LINE_MAX]; 587 int offset; 588 589 again: 590 oldstate = s->state; 591 592 log_trace(TRACE_MTA, "mta: %p: %s -> %s", s, 593 mta_strstate(oldstate), 594 mta_strstate(newstate)); 595 596 s->state = newstate; 597 598 memset(s->replybuf, 0, sizeof s->replybuf); 599 600 /* don't try this at home! */ 601 #define mta_enter_state(_s, _st) do { newstate = _st; goto again; } while (0) 602 603 switch (s->state) { 604 case MTA_INIT: 605 case MTA_BANNER: 606 break; 607 608 case MTA_EHLO: 609 s->ext = 0; 610 mta_send(s, "EHLO %s", s->helo); 611 break; 612 613 case MTA_HELO: 614 s->ext = 0; 615 mta_send(s, "HELO %s", s->helo); 616 break; 617 618 case MTA_LHLO: 619 s->ext = 0; 620 mta_send(s, "LHLO %s", s->helo); 621 break; 622 623 case MTA_STARTTLS: 624 if (s->flags & MTA_DOWNGRADE_PLAIN) 625 mta_enter_state(s, MTA_AUTH); 626 if (s->flags & MTA_TLS) /* already started */ 627 mta_enter_state(s, MTA_AUTH); 628 else if ((s->ext & MTA_EXT_STARTTLS) == 0) { 629 if (s->flags & MTA_FORCE_TLS || s->flags & MTA_WANT_SECURE) { 630 mta_error(s, "TLS required but not supported by remote host"); 631 s->flags |= MTA_RECONN; 632 } 633 else 634 /* server doesn't support starttls, do not use it */ 635 mta_enter_state(s, MTA_AUTH); 636 } 637 else 638 mta_send(s, "STARTTLS"); 639 break; 640 641 case MTA_AUTH: 642 if (s->relay->secret && s->flags & MTA_TLS) { 643 if (s->ext & MTA_EXT_AUTH) { 644 if (s->ext & MTA_EXT_AUTH_PLAIN) { 645 mta_enter_state(s, MTA_AUTH_PLAIN); 646 break; 647 } 648 if (s->ext & MTA_EXT_AUTH_LOGIN) { 649 mta_enter_state(s, MTA_AUTH_LOGIN); 650 break; 651 } 652 log_debug("debug: mta: %p: no supported AUTH method on session", s); 653 mta_error(s, "no supported AUTH method"); 654 } 655 else { 656 log_debug("debug: mta: %p: AUTH not advertised on session", s); 657 mta_error(s, "AUTH not advertised"); 658 } 659 } 660 else if (s->relay->secret) { 661 log_debug("debug: mta: %p: not using AUTH on non-TLS " 662 "session", s); 663 mta_error(s, "Refuse to AUTH over unsecure channel"); 664 mta_connect(s); 665 } else { 666 mta_enter_state(s, MTA_READY); 667 } 668 break; 669 670 case MTA_AUTH_PLAIN: 671 mta_send(s, "AUTH PLAIN %s", s->relay->secret); 672 break; 673 674 case MTA_AUTH_LOGIN: 675 mta_send(s, "AUTH LOGIN"); 676 break; 677 678 case MTA_AUTH_LOGIN_USER: 679 memset(ibuf, 0, sizeof ibuf); 680 if (base64_decode(s->relay->secret, (unsigned char *)ibuf, 681 sizeof(ibuf)-1) == -1) { 682 log_debug("debug: mta: %p: credentials too large on session", s); 683 mta_error(s, "Credentials too large"); 684 break; 685 } 686 687 memset(obuf, 0, sizeof obuf); 688 base64_encode((unsigned char *)ibuf + 1, strlen(ibuf + 1), obuf, sizeof obuf); 689 mta_send(s, "%s", obuf); 690 691 memset(ibuf, 0, sizeof ibuf); 692 memset(obuf, 0, sizeof obuf); 693 break; 694 695 case MTA_AUTH_LOGIN_PASS: 696 memset(ibuf, 0, sizeof ibuf); 697 if (base64_decode(s->relay->secret, (unsigned char *)ibuf, 698 sizeof(ibuf)-1) == -1) { 699 log_debug("debug: mta: %p: credentials too large on session", s); 700 mta_error(s, "Credentials too large"); 701 break; 702 } 703 704 offset = strlen(ibuf+1)+2; 705 memset(obuf, 0, sizeof obuf); 706 base64_encode((unsigned char *)ibuf + offset, strlen(ibuf + offset), obuf, sizeof obuf); 707 mta_send(s, "%s", obuf); 708 709 memset(ibuf, 0, sizeof ibuf); 710 memset(obuf, 0, sizeof obuf); 711 break; 712 713 case MTA_READY: 714 /* Ready to send a new mail */ 715 if (s->ready == 0) { 716 s->ready = 1; 717 s->relay->nconn_ready += 1; 718 mta_route_ok(s->relay, s->route); 719 } 720 721 if (s->msgtried >= MAX_TRYBEFOREDISABLE) { 722 log_info("%016"PRIx64" mta event=host-rejects-all-mails", 723 s->id); 724 mta_route_down(s->relay, s->route); 725 mta_enter_state(s, MTA_QUIT); 726 break; 727 } 728 729 if (s->msgcount >= s->relay->limits->max_mail_per_session) { 730 log_debug("debug: mta: " 731 "%p: cannot send more message to relay %s", s, 732 mta_relay_to_text(s->relay)); 733 mta_enter_state(s, MTA_QUIT); 734 break; 735 } 736 737 /* 738 * When downgrading from opportunistic TLS, clear flag and 739 * possibly reuse the same task (forbidden in other cases). 740 */ 741 if (s->flags & MTA_DOWNGRADE_PLAIN) 742 s->flags &= ~MTA_DOWNGRADE_PLAIN; 743 else if (s->task) 744 fatalx("task should be NULL at this point"); 745 746 if (s->task == NULL) 747 s->task = mta_route_next_task(s->relay, s->route); 748 if (s->task == NULL) { 749 log_debug("debug: mta: %p: no task for relay %s", 750 s, mta_relay_to_text(s->relay)); 751 752 if (s->relay->nconn > 1 || 753 s->hangon >= s->relay->limits->sessdelay_keepalive) { 754 mta_enter_state(s, MTA_QUIT); 755 break; 756 } 757 758 log_debug("mta: debug: last connection: hanging on for %llds", 759 (long long)(s->relay->limits->sessdelay_keepalive - 760 s->hangon)); 761 s->flags |= MTA_HANGON; 762 runq_schedule(hangon, time(NULL) + 1, NULL, s); 763 break; 764 } 765 766 log_debug("debug: mta: %p: handling next task for relay %s", s, 767 mta_relay_to_text(s->relay)); 768 769 stat_increment("mta.task.running", 1); 770 771 m_create(p_queue, IMSG_MTA_OPEN_MESSAGE, 0, 0, -1); 772 m_add_id(p_queue, s->id); 773 m_add_msgid(p_queue, s->task->msgid); 774 m_close(p_queue); 775 776 tree_xset(&wait_fd, s->id, s); 777 s->flags |= MTA_WAIT; 778 break; 779 780 case MTA_MAIL: 781 s->currevp = TAILQ_FIRST(&s->task->envelopes); 782 783 e = s->currevp; 784 s->hangon = 0; 785 s->msgtried++; 786 envid_sz = strlen(e->dsn_envid); 787 if (s->ext & MTA_EXT_DSN) { 788 mta_send(s, "MAIL FROM:<%s>%s%s%s%s", 789 s->task->sender, 790 e->dsn_ret ? " RET=" : "", 791 e->dsn_ret ? dsn_strret(e->dsn_ret) : "", 792 envid_sz ? " ENVID=" : "", 793 envid_sz ? e->dsn_envid : ""); 794 } else 795 mta_send(s, "MAIL FROM:<%s>", s->task->sender); 796 break; 797 798 case MTA_RCPT: 799 if (s->currevp == NULL) 800 s->currevp = TAILQ_FIRST(&s->task->envelopes); 801 802 e = s->currevp; 803 if (s->ext & MTA_EXT_DSN) { 804 mta_send(s, "RCPT TO:<%s>%s%s%s%s", 805 e->dest, 806 e->dsn_notify ? " NOTIFY=" : "", 807 e->dsn_notify ? dsn_strnotify(e->dsn_notify) : "", 808 e->dsn_orcpt ? " ORCPT=" : "", 809 e->dsn_orcpt ? e->dsn_orcpt : ""); 810 } else 811 mta_send(s, "RCPT TO:<%s>", e->dest); 812 813 s->rcptcount++; 814 break; 815 816 case MTA_DATA: 817 fseek(s->datafp, 0, SEEK_SET); 818 mta_send(s, "DATA"); 819 break; 820 821 case MTA_BODY: 822 if (s->datafp == NULL) { 823 log_trace(TRACE_MTA, "mta: %p: end-of-file", s); 824 mta_enter_state(s, MTA_EOM); 825 break; 826 } 827 828 if ((q = mta_queue_data(s)) == -1) { 829 s->flags |= MTA_FREE; 830 break; 831 } 832 if (q == 0) { 833 mta_enter_state(s, MTA_BODY); 834 break; 835 } 836 837 log_trace(TRACE_MTA, "mta: %p: >>> [...%zd bytes...]", s, q); 838 break; 839 840 case MTA_EOM: 841 mta_send(s, "."); 842 break; 843 844 case MTA_LMTP_EOM: 845 /* LMTP reports status of each delivery, so enable read */ 846 io_set_read(&s->io); 847 break; 848 849 case MTA_RSET: 850 if (s->datafp) { 851 fclose(s->datafp); 852 s->datafp = NULL; 853 } 854 mta_send(s, "RSET"); 855 break; 856 857 case MTA_QUIT: 858 mta_send(s, "QUIT"); 859 break; 860 861 default: 862 fatalx("mta_enter_state: unknown state"); 863 } 864 #undef mta_enter_state 865 } 866 867 /* 868 * Handle a response to an SMTP command 869 */ 870 static void 871 mta_response(struct mta_session *s, char *line) 872 { 873 struct mta_envelope *e; 874 struct sockaddr_storage ss; 875 struct sockaddr *sa; 876 const char *domain; 877 socklen_t sa_len; 878 char buf[LINE_MAX]; 879 int delivery; 880 881 switch (s->state) { 882 883 case MTA_BANNER: 884 if (line[0] != '2') { 885 mta_error(s, "BANNER rejected: %s", line); 886 s->flags |= MTA_FREE; 887 return; 888 } 889 if (s->flags & MTA_LMTP) 890 mta_enter_state(s, MTA_LHLO); 891 else 892 mta_enter_state(s, MTA_EHLO); 893 break; 894 895 case MTA_EHLO: 896 if (line[0] != '2') { 897 /* rejected at ehlo state */ 898 if ((s->flags & MTA_USE_AUTH) || 899 (s->flags & MTA_WANT_SECURE)) { 900 mta_error(s, "EHLO rejected: %s", line); 901 s->flags |= MTA_FREE; 902 return; 903 } 904 mta_enter_state(s, MTA_HELO); 905 return; 906 } 907 if (!(s->flags & MTA_FORCE_PLAIN)) 908 mta_enter_state(s, MTA_STARTTLS); 909 else 910 mta_enter_state(s, MTA_READY); 911 break; 912 913 case MTA_HELO: 914 if (line[0] != '2') { 915 mta_error(s, "HELO rejected: %s", line); 916 s->flags |= MTA_FREE; 917 return; 918 } 919 mta_enter_state(s, MTA_READY); 920 break; 921 922 case MTA_LHLO: 923 if (line[0] != '2') { 924 mta_error(s, "LHLO rejected: %s", line); 925 s->flags |= MTA_FREE; 926 return; 927 } 928 mta_enter_state(s, MTA_READY); 929 break; 930 931 case MTA_STARTTLS: 932 if (line[0] != '2') { 933 if (!(s->flags & MTA_WANT_SECURE)) { 934 mta_enter_state(s, MTA_AUTH); 935 return; 936 } 937 /* XXX mark that the MX doesn't support STARTTLS */ 938 mta_error(s, "STARTTLS rejected: %s", line); 939 s->flags |= MTA_FREE; 940 return; 941 } 942 943 mta_start_tls(s); 944 break; 945 946 case MTA_AUTH_PLAIN: 947 if (line[0] != '2') { 948 mta_error(s, "AUTH rejected: %s", line); 949 s->flags |= MTA_FREE; 950 return; 951 } 952 mta_enter_state(s, MTA_READY); 953 break; 954 955 case MTA_AUTH_LOGIN: 956 if (strncmp(line, "334 ", 4) != 0) { 957 mta_error(s, "AUTH rejected: %s", line); 958 s->flags |= MTA_FREE; 959 return; 960 } 961 mta_enter_state(s, MTA_AUTH_LOGIN_USER); 962 break; 963 964 case MTA_AUTH_LOGIN_USER: 965 if (strncmp(line, "334 ", 4) != 0) { 966 mta_error(s, "AUTH rejected: %s", line); 967 s->flags |= MTA_FREE; 968 return; 969 } 970 mta_enter_state(s, MTA_AUTH_LOGIN_PASS); 971 break; 972 973 case MTA_AUTH_LOGIN_PASS: 974 if (line[0] != '2') { 975 mta_error(s, "AUTH rejected: %s", line); 976 s->flags |= MTA_FREE; 977 return; 978 } 979 mta_enter_state(s, MTA_READY); 980 break; 981 982 case MTA_MAIL: 983 if (line[0] != '2') { 984 if (line[0] == '5') 985 delivery = IMSG_MTA_DELIVERY_PERMFAIL; 986 else 987 delivery = IMSG_MTA_DELIVERY_TEMPFAIL; 988 mta_flush_task(s, delivery, line, 0, 0); 989 mta_enter_state(s, MTA_RSET); 990 return; 991 } 992 mta_enter_state(s, MTA_RCPT); 993 break; 994 995 case MTA_RCPT: 996 e = s->currevp; 997 998 /* remove envelope from hosttat cache if there */ 999 if ((domain = strchr(e->dest, '@')) != NULL) { 1000 domain++; 1001 mta_hoststat_uncache(domain, e->id); 1002 } 1003 1004 s->currevp = TAILQ_NEXT(s->currevp, entry); 1005 if (line[0] == '2') { 1006 s->failures = 0; 1007 /* 1008 * this host is up, reschedule envelopes that 1009 * were cached for reschedule. 1010 */ 1011 if (domain) 1012 mta_hoststat_reschedule(domain); 1013 } 1014 else { 1015 if (line[0] == '5') 1016 delivery = IMSG_MTA_DELIVERY_PERMFAIL; 1017 else 1018 delivery = IMSG_MTA_DELIVERY_TEMPFAIL; 1019 s->failures++; 1020 1021 /* remove failed envelope from task list */ 1022 TAILQ_REMOVE(&s->task->envelopes, e, entry); 1023 stat_decrement("mta.envelope", 1); 1024 1025 /* log right away */ 1026 (void)snprintf(buf, sizeof(buf), "%s", 1027 mta_host_to_text(s->route->dst)); 1028 1029 e->session = s->id; 1030 /* XXX */ 1031 /* 1032 * getsockname() can only fail with ENOBUFS here 1033 * best effort, don't log source ... 1034 */ 1035 sa_len = sizeof(ss); 1036 sa = (struct sockaddr *)&ss; 1037 if (getsockname(s->io.sock, sa, &sa_len) < 0) 1038 mta_delivery_log(e, NULL, buf, delivery, line); 1039 else 1040 mta_delivery_log(e, sa_to_text(sa), 1041 buf, delivery, line); 1042 1043 if (domain) 1044 mta_hoststat_update(domain, e->status); 1045 mta_delivery_notify(e); 1046 1047 if (s->relay->limits->max_failures_per_session && 1048 s->failures == s->relay->limits->max_failures_per_session) { 1049 mta_flush_task(s, IMSG_MTA_DELIVERY_TEMPFAIL, 1050 "Too many consecutive errors, closing connection", 0, 1); 1051 mta_enter_state(s, MTA_QUIT); 1052 break; 1053 } 1054 1055 /* 1056 * if no more envelopes, flush failed queue 1057 */ 1058 if (TAILQ_EMPTY(&s->task->envelopes)) { 1059 mta_flush_task(s, IMSG_MTA_DELIVERY_OK, 1060 "No envelope", 0, 0); 1061 mta_enter_state(s, MTA_RSET); 1062 break; 1063 } 1064 } 1065 1066 if (s->currevp == NULL) 1067 mta_enter_state(s, MTA_DATA); 1068 else 1069 mta_enter_state(s, MTA_RCPT); 1070 break; 1071 1072 case MTA_DATA: 1073 if (line[0] == '2' || line[0] == '3') { 1074 mta_enter_state(s, MTA_BODY); 1075 break; 1076 } 1077 if (line[0] == '5') 1078 delivery = IMSG_MTA_DELIVERY_PERMFAIL; 1079 else 1080 delivery = IMSG_MTA_DELIVERY_TEMPFAIL; 1081 mta_flush_task(s, delivery, line, 0, 0); 1082 mta_enter_state(s, MTA_RSET); 1083 break; 1084 1085 case MTA_LMTP_EOM: 1086 case MTA_EOM: 1087 if (line[0] == '2') { 1088 delivery = IMSG_MTA_DELIVERY_OK; 1089 s->msgtried = 0; 1090 s->msgcount++; 1091 } 1092 else if (line[0] == '5') 1093 delivery = IMSG_MTA_DELIVERY_PERMFAIL; 1094 else 1095 delivery = IMSG_MTA_DELIVERY_TEMPFAIL; 1096 mta_flush_task(s, delivery, line, (s->flags & MTA_LMTP) ? 1 : 0, 0); 1097 if (s->task) { 1098 s->rcptcount--; 1099 mta_enter_state(s, MTA_LMTP_EOM); 1100 } else { 1101 s->rcptcount = 0; 1102 if (s->relay->limits->sessdelay_transaction) { 1103 log_debug("debug: mta: waiting for %llds before next transaction", 1104 (long long int)s->relay->limits->sessdelay_transaction); 1105 s->hangon = s->relay->limits->sessdelay_transaction -1; 1106 s->flags |= MTA_HANGON; 1107 runq_schedule(hangon, time(NULL) 1108 + s->relay->limits->sessdelay_transaction, 1109 NULL, s); 1110 } 1111 else 1112 mta_enter_state(s, MTA_READY); 1113 } 1114 break; 1115 1116 case MTA_RSET: 1117 s->rcptcount = 0; 1118 if (s->relay->limits->sessdelay_transaction) { 1119 log_debug("debug: mta: waiting for %llds after reset", 1120 (long long int)s->relay->limits->sessdelay_transaction); 1121 s->hangon = s->relay->limits->sessdelay_transaction -1; 1122 s->flags |= MTA_HANGON; 1123 runq_schedule(hangon, time(NULL) 1124 + s->relay->limits->sessdelay_transaction, 1125 NULL, s); 1126 } 1127 else 1128 mta_enter_state(s, MTA_READY); 1129 break; 1130 1131 default: 1132 fatalx("mta_response() bad state"); 1133 } 1134 } 1135 1136 static void 1137 mta_io(struct io *io, int evt) 1138 { 1139 struct mta_session *s = io->arg; 1140 char *line, *msg, *p; 1141 size_t len; 1142 const char *error; 1143 int cont; 1144 X509 *x; 1145 1146 log_trace(TRACE_IO, "mta: %p: %s %s", s, io_strevent(evt), 1147 io_strio(io)); 1148 1149 switch (evt) { 1150 1151 case IO_CONNECTED: 1152 log_info("%016"PRIx64" mta event=connected", s->id); 1153 1154 if (s->use_smtps) { 1155 io_set_write(io); 1156 mta_start_tls(s); 1157 } 1158 else { 1159 mta_enter_state(s, MTA_BANNER); 1160 io_set_read(io); 1161 } 1162 break; 1163 1164 case IO_TLSREADY: 1165 log_info("%016"PRIx64" mta event=starttls ciphers=%s", 1166 s->id, ssl_to_text(s->io.ssl)); 1167 s->flags |= MTA_TLS; 1168 1169 if (mta_verify_certificate(s)) { 1170 io_pause(&s->io, IO_PAUSE_IN); 1171 break; 1172 } 1173 1174 case IO_TLSVERIFIED: 1175 x = SSL_get_peer_certificate(s->io.ssl); 1176 if (x) { 1177 log_info("smtp-out: Server certificate verification %s " 1178 "on session %016"PRIx64, 1179 (s->flags & MTA_VERIFIED) ? "succeeded" : "failed", 1180 s->id); 1181 X509_free(x); 1182 } 1183 1184 if (s->use_smtps) { 1185 mta_enter_state(s, MTA_BANNER); 1186 io_set_read(io); 1187 } 1188 else 1189 mta_enter_state(s, MTA_EHLO); 1190 break; 1191 1192 case IO_DATAIN: 1193 nextline: 1194 line = iobuf_getline(&s->iobuf, &len); 1195 if (line == NULL) { 1196 if (iobuf_len(&s->iobuf) >= LINE_MAX) { 1197 mta_error(s, "Input too long"); 1198 mta_free(s); 1199 return; 1200 } 1201 iobuf_normalize(&s->iobuf); 1202 break; 1203 } 1204 1205 log_trace(TRACE_MTA, "mta: %p: <<< %s", s, line); 1206 1207 if ((error = parse_smtp_response(line, len, &msg, &cont))) { 1208 mta_error(s, "Bad response: %s", error); 1209 mta_free(s); 1210 return; 1211 } 1212 1213 /* read extensions */ 1214 if (s->state == MTA_EHLO) { 1215 if (strcmp(msg, "STARTTLS") == 0) 1216 s->ext |= MTA_EXT_STARTTLS; 1217 else if (strncmp(msg, "AUTH ", 5) == 0) { 1218 s->ext |= MTA_EXT_AUTH; 1219 if ((p = strstr(msg, " PLAIN")) && 1220 (*(p+6) == '\0' || *(p+6) == ' ')) 1221 s->ext |= MTA_EXT_AUTH_PLAIN; 1222 if ((p = strstr(msg, " LOGIN")) && 1223 (*(p+6) == '\0' || *(p+6) == ' ')) 1224 s->ext |= MTA_EXT_AUTH_LOGIN; 1225 } 1226 else if (strcmp(msg, "PIPELINING") == 0) 1227 s->ext |= MTA_EXT_PIPELINING; 1228 else if (strcmp(msg, "DSN") == 0) 1229 s->ext |= MTA_EXT_DSN; 1230 } 1231 1232 /* continuation reply, we parse out the repeating statuses and ESC */ 1233 if (cont) { 1234 if (s->replybuf[0] == '\0') 1235 (void)strlcat(s->replybuf, line, sizeof s->replybuf); 1236 else { 1237 line = line + 4; 1238 if (isdigit((int)*line) && *(line + 1) == '.' && 1239 isdigit((int)*line+2) && *(line + 3) == '.' && 1240 isdigit((int)*line+4) && isspace((int)*(line + 5))) 1241 (void)strlcat(s->replybuf, line+5, sizeof s->replybuf); 1242 else 1243 (void)strlcat(s->replybuf, line, sizeof s->replybuf); 1244 } 1245 goto nextline; 1246 } 1247 1248 /* last line of a reply, check if we're on a continuation to parse out status and ESC. 1249 * if we overflow reply buffer or are not on continuation, log entire last line. 1250 */ 1251 if (s->replybuf[0] != '\0') { 1252 p = line + 4; 1253 if (isdigit((int)*p) && *(p + 1) == '.' && 1254 isdigit((int)*p+2) && *(p + 3) == '.' && 1255 isdigit((int)*p+4) && isspace((int)*(p + 5))) 1256 p += 5; 1257 if (strlcat(s->replybuf, p, sizeof s->replybuf) >= sizeof s->replybuf) 1258 (void)strlcpy(s->replybuf, line, sizeof s->replybuf); 1259 } 1260 else 1261 (void)strlcpy(s->replybuf, line, sizeof s->replybuf); 1262 1263 if (s->state == MTA_QUIT) { 1264 log_info("%016"PRIx64" mta event=closed reason=quit messages=%zu", 1265 s->id, s->msgcount); 1266 mta_free(s); 1267 return; 1268 } 1269 io_set_write(io); 1270 mta_response(s, s->replybuf); 1271 if (s->flags & MTA_FREE) { 1272 mta_free(s); 1273 return; 1274 } 1275 if (s->flags & MTA_RECONN) { 1276 s->flags &= ~MTA_RECONN; 1277 mta_connect(s); 1278 return; 1279 } 1280 1281 iobuf_normalize(&s->iobuf); 1282 1283 if (iobuf_len(&s->iobuf)) { 1284 log_debug("debug: mta: remaining data in input buffer"); 1285 mta_error(s, "Remote host sent too much data"); 1286 if (s->flags & MTA_WAIT) 1287 s->flags |= MTA_FREE; 1288 else 1289 mta_free(s); 1290 } 1291 break; 1292 1293 case IO_LOWAT: 1294 if (s->state == MTA_BODY) { 1295 mta_enter_state(s, MTA_BODY); 1296 if (s->flags & MTA_FREE) { 1297 mta_free(s); 1298 return; 1299 } 1300 } 1301 1302 if (iobuf_queued(&s->iobuf) == 0) 1303 io_set_read(io); 1304 break; 1305 1306 case IO_TIMEOUT: 1307 log_debug("debug: mta: %p: connection timeout", s); 1308 mta_error(s, "Connection timeout"); 1309 if (!s->ready) 1310 mta_connect(s); 1311 else 1312 mta_free(s); 1313 break; 1314 1315 case IO_ERROR: 1316 log_debug("debug: mta: %p: IO error: %s", s, io->error); 1317 if (!s->ready) { 1318 mta_error(s, "IO Error: %s", io->error); 1319 mta_connect(s); 1320 break; 1321 } 1322 else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_ANYSSL))) { 1323 /* error in non-strict SSL negotiation, downgrade to plain */ 1324 if (s->flags & MTA_TLS) { 1325 log_info("smtp-out: Error on session %016"PRIx64 1326 ": opportunistic TLS failed, " 1327 "downgrading to plain", s->id); 1328 s->flags &= ~MTA_TLS; 1329 s->flags |= MTA_DOWNGRADE_PLAIN; 1330 mta_connect(s); 1331 break; 1332 } 1333 } 1334 mta_error(s, "IO Error: %s", io->error); 1335 mta_free(s); 1336 break; 1337 1338 case IO_TLSERROR: 1339 log_debug("debug: mta: %p: TLS IO error: %s", s, io->error); 1340 if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_ANYSSL))) { 1341 /* error in non-strict SSL negotiation, downgrade to plain */ 1342 log_info("smtp-out: TLS Error on session %016"PRIx64 1343 ": TLS failed, " 1344 "downgrading to plain", s->id); 1345 s->flags &= ~MTA_TLS; 1346 s->flags |= MTA_DOWNGRADE_PLAIN; 1347 mta_connect(s); 1348 break; 1349 } 1350 mta_error(s, "IO Error: %s", io->error); 1351 mta_free(s); 1352 break; 1353 1354 case IO_DISCONNECTED: 1355 log_debug("debug: mta: %p: disconnected in state %s", 1356 s, mta_strstate(s->state)); 1357 mta_error(s, "Connection closed unexpectedly"); 1358 if (!s->ready) 1359 mta_connect(s); 1360 else 1361 mta_free(s); 1362 break; 1363 1364 default: 1365 fatalx("mta_io() bad event"); 1366 } 1367 } 1368 1369 static void 1370 mta_send(struct mta_session *s, char *fmt, ...) 1371 { 1372 va_list ap; 1373 char *p; 1374 int len; 1375 1376 va_start(ap, fmt); 1377 if ((len = vasprintf(&p, fmt, ap)) == -1) 1378 fatal("mta: vasprintf"); 1379 va_end(ap); 1380 1381 log_trace(TRACE_MTA, "mta: %p: >>> %s", s, p); 1382 1383 iobuf_xfqueue(&s->iobuf, "mta_send", "%s\r\n", p); 1384 1385 free(p); 1386 } 1387 1388 /* 1389 * Queue some data into the input buffer 1390 */ 1391 static ssize_t 1392 mta_queue_data(struct mta_session *s) 1393 { 1394 char *ln = NULL; 1395 size_t sz = 0, q; 1396 ssize_t len; 1397 1398 q = iobuf_queued(&s->iobuf); 1399 1400 while (iobuf_queued(&s->iobuf) < MTA_HIWAT) { 1401 if ((len = getline(&ln, &sz, s->datafp)) == -1) 1402 break; 1403 if (ln[len - 1] == '\n') 1404 ln[len - 1] = '\0'; 1405 iobuf_xfqueue(&s->iobuf, "mta_queue_data", "%s%s\r\n", 1406 *ln == '.' ? "." : "", ln); 1407 } 1408 1409 free(ln); 1410 if (ferror(s->datafp)) { 1411 mta_flush_task(s, IMSG_MTA_DELIVERY_TEMPFAIL, 1412 "Error reading content file", 0, 0); 1413 return (-1); 1414 } 1415 1416 if (feof(s->datafp)) { 1417 fclose(s->datafp); 1418 s->datafp = NULL; 1419 } 1420 1421 return (iobuf_queued(&s->iobuf) - q); 1422 } 1423 1424 static void 1425 mta_flush_task(struct mta_session *s, int delivery, const char *error, size_t count, 1426 int cache) 1427 { 1428 struct mta_envelope *e; 1429 char relay[LINE_MAX]; 1430 size_t n; 1431 struct sockaddr_storage ss; 1432 struct sockaddr *sa; 1433 socklen_t sa_len; 1434 const char *domain; 1435 1436 (void)snprintf(relay, sizeof relay, "%s", mta_host_to_text(s->route->dst)); 1437 n = 0; 1438 while ((e = TAILQ_FIRST(&s->task->envelopes))) { 1439 1440 if (count && n == count) { 1441 stat_decrement("mta.envelope", n); 1442 return; 1443 } 1444 1445 TAILQ_REMOVE(&s->task->envelopes, e, entry); 1446 1447 /* we're about to log, associate session to envelope */ 1448 e->session = s->id; 1449 e->ext = s->ext; 1450 1451 /* XXX */ 1452 /* 1453 * getsockname() can only fail with ENOBUFS here 1454 * best effort, don't log source ... 1455 */ 1456 sa = (struct sockaddr *)&ss; 1457 sa_len = sizeof(ss); 1458 if (getsockname(s->io.sock, sa, &sa_len) < 0) 1459 mta_delivery_log(e, NULL, relay, delivery, error); 1460 else 1461 mta_delivery_log(e, sa_to_text(sa), 1462 relay, delivery, error); 1463 1464 mta_delivery_notify(e); 1465 1466 domain = strchr(e->dest, '@'); 1467 if (domain) { 1468 domain++; 1469 mta_hoststat_update(domain, error); 1470 if (cache) 1471 mta_hoststat_cache(domain, e->id); 1472 } 1473 1474 n++; 1475 } 1476 1477 free(s->task->sender); 1478 free(s->task); 1479 s->task = NULL; 1480 1481 if (s->datafp) { 1482 fclose(s->datafp); 1483 s->datafp = NULL; 1484 } 1485 1486 stat_decrement("mta.envelope", n); 1487 stat_decrement("mta.task.running", 1); 1488 stat_decrement("mta.task", 1); 1489 } 1490 1491 static void 1492 mta_error(struct mta_session *s, const char *fmt, ...) 1493 { 1494 va_list ap; 1495 char *error; 1496 int len; 1497 1498 va_start(ap, fmt); 1499 if ((len = vasprintf(&error, fmt, ap)) == -1) 1500 fatal("mta: vasprintf"); 1501 va_end(ap); 1502 1503 if (s->msgcount) 1504 log_info("smtp-out: Error on session %016"PRIx64 1505 " after %zu message%s sent: %s", s->id, s->msgcount, 1506 (s->msgcount > 1) ? "s" : "", error); 1507 else 1508 log_info("%016"PRIx64" mta event=error reason=%s", 1509 s->id, error); 1510 1511 /* 1512 * If not connected yet, and the error is not local, just ignore it 1513 * and try to reconnect. 1514 */ 1515 if (s->state == MTA_INIT && 1516 (errno == ETIMEDOUT || errno == ECONNREFUSED)) { 1517 log_debug("debug: mta: not reporting route error yet"); 1518 free(error); 1519 return; 1520 } 1521 1522 mta_route_error(s->relay, s->route); 1523 1524 if (s->task) 1525 mta_flush_task(s, IMSG_MTA_DELIVERY_TEMPFAIL, error, 0, 0); 1526 1527 free(error); 1528 } 1529 1530 static void 1531 mta_start_tls(struct mta_session *s) 1532 { 1533 struct ca_cert_req_msg req_ca_cert; 1534 const char *certname; 1535 1536 if (s->relay->pki_name) { 1537 certname = s->relay->pki_name; 1538 req_ca_cert.fallback = 0; 1539 } 1540 else { 1541 certname = s->helo; 1542 req_ca_cert.fallback = 1; 1543 } 1544 1545 req_ca_cert.reqid = s->id; 1546 (void)strlcpy(req_ca_cert.name, certname, sizeof req_ca_cert.name); 1547 m_compose(p_lka, IMSG_MTA_TLS_INIT, 0, 0, -1, 1548 &req_ca_cert, sizeof(req_ca_cert)); 1549 tree_xset(&wait_ssl_init, s->id, s); 1550 s->flags |= MTA_WAIT; 1551 return; 1552 } 1553 1554 static int 1555 mta_verify_certificate(struct mta_session *s) 1556 { 1557 #define MAX_CERTS 16 1558 #define MAX_CERT_LEN (MAX_IMSGSIZE - (IMSG_HEADER_SIZE + sizeof(req_ca_vrfy))) 1559 struct ca_vrfy_req_msg req_ca_vrfy; 1560 struct iovec iov[2]; 1561 X509 *x; 1562 STACK_OF(X509) *xchain; 1563 const char *name; 1564 unsigned char *cert_der[MAX_CERTS]; 1565 int cert_len[MAX_CERTS]; 1566 int i, cert_count, res; 1567 1568 res = 0; 1569 memset(cert_der, 0, sizeof(cert_der)); 1570 memset(&req_ca_vrfy, 0, sizeof req_ca_vrfy); 1571 1572 /* Send the client certificate */ 1573 if (s->relay->ca_name) { 1574 name = s->relay->ca_name; 1575 req_ca_vrfy.fallback = 0; 1576 } 1577 else { 1578 name = s->helo; 1579 req_ca_vrfy.fallback = 1; 1580 } 1581 if (strlcpy(req_ca_vrfy.name, name, sizeof req_ca_vrfy.name) 1582 >= sizeof req_ca_vrfy.name) 1583 return 0; 1584 1585 x = SSL_get_peer_certificate(s->io.ssl); 1586 if (x == NULL) 1587 return 0; 1588 xchain = SSL_get_peer_cert_chain(s->io.ssl); 1589 1590 /* 1591 * Client provided a certificate and possibly a certificate chain. 1592 * SMTP can't verify because it does not have the information that 1593 * it needs, instead it will pass the certificate and chain to the 1594 * lookup process and wait for a reply. 1595 * 1596 */ 1597 1598 cert_len[0] = i2d_X509(x, &cert_der[0]); 1599 X509_free(x); 1600 1601 if (cert_len[0] < 0) { 1602 log_warnx("warn: failed to encode certificate"); 1603 goto end; 1604 } 1605 log_debug("debug: certificate 0: len=%d", cert_len[0]); 1606 if (cert_len[0] > (int)MAX_CERT_LEN) { 1607 log_warnx("warn: certificate too long"); 1608 goto end; 1609 } 1610 1611 if (xchain) { 1612 cert_count = sk_X509_num(xchain); 1613 log_debug("debug: certificate chain len: %d", cert_count); 1614 if (cert_count >= MAX_CERTS) { 1615 log_warnx("warn: certificate chain too long"); 1616 goto end; 1617 } 1618 } 1619 else 1620 cert_count = 0; 1621 1622 for (i = 0; i < cert_count; ++i) { 1623 x = sk_X509_value(xchain, i); 1624 cert_len[i+1] = i2d_X509(x, &cert_der[i+1]); 1625 if (cert_len[i+1] < 0) { 1626 log_warnx("warn: failed to encode certificate"); 1627 goto end; 1628 } 1629 log_debug("debug: certificate %i: len=%d", i+1, cert_len[i+1]); 1630 if (cert_len[i+1] > (int)MAX_CERT_LEN) { 1631 log_warnx("warn: certificate too long"); 1632 goto end; 1633 } 1634 } 1635 1636 tree_xset(&wait_ssl_verify, s->id, s); 1637 s->flags |= MTA_WAIT; 1638 1639 /* Send the client certificate */ 1640 req_ca_vrfy.reqid = s->id; 1641 req_ca_vrfy.cert_len = cert_len[0]; 1642 req_ca_vrfy.n_chain = cert_count; 1643 iov[0].iov_base = &req_ca_vrfy; 1644 iov[0].iov_len = sizeof(req_ca_vrfy); 1645 iov[1].iov_base = cert_der[0]; 1646 iov[1].iov_len = cert_len[0]; 1647 m_composev(p_lka, IMSG_MTA_TLS_VERIFY_CERT, 0, 0, -1, 1648 iov, nitems(iov)); 1649 1650 memset(&req_ca_vrfy, 0, sizeof req_ca_vrfy); 1651 req_ca_vrfy.reqid = s->id; 1652 1653 /* Send the chain, one cert at a time */ 1654 for (i = 0; i < cert_count; ++i) { 1655 req_ca_vrfy.cert_len = cert_len[i+1]; 1656 iov[1].iov_base = cert_der[i+1]; 1657 iov[1].iov_len = cert_len[i+1]; 1658 m_composev(p_lka, IMSG_MTA_TLS_VERIFY_CHAIN, 0, 0, -1, 1659 iov, nitems(iov)); 1660 } 1661 1662 /* Tell lookup process that it can start verifying, we're done */ 1663 memset(&req_ca_vrfy, 0, sizeof req_ca_vrfy); 1664 req_ca_vrfy.reqid = s->id; 1665 m_compose(p_lka, IMSG_MTA_TLS_VERIFY, 0, 0, -1, 1666 &req_ca_vrfy, sizeof req_ca_vrfy); 1667 1668 res = 1; 1669 1670 end: 1671 for (i = 0; i < MAX_CERTS; ++i) 1672 free(cert_der[i]); 1673 1674 return res; 1675 } 1676 1677 static const char * 1678 dsn_strret(enum dsn_ret ret) 1679 { 1680 if (ret == DSN_RETHDRS) 1681 return "HDRS"; 1682 else if (ret == DSN_RETFULL) 1683 return "FULL"; 1684 else { 1685 log_debug("mta: invalid ret %d", ret); 1686 return "???"; 1687 } 1688 } 1689 1690 static const char * 1691 dsn_strnotify(uint8_t arg) 1692 { 1693 static char buf[32]; 1694 size_t sz; 1695 1696 buf[0] = '\0'; 1697 if (arg & DSN_SUCCESS) 1698 (void)strlcat(buf, "SUCCESS,", sizeof(buf)); 1699 1700 if (arg & DSN_FAILURE) 1701 (void)strlcat(buf, "FAILURE,", sizeof(buf)); 1702 1703 if (arg & DSN_DELAY) 1704 (void)strlcat(buf, "DELAY,", sizeof(buf)); 1705 1706 if (arg & DSN_NEVER) 1707 (void)strlcat(buf, "NEVER,", sizeof(buf)); 1708 1709 /* trim trailing comma */ 1710 sz = strlen(buf); 1711 if (sz) 1712 buf[sz - 1] = '\0'; 1713 1714 return (buf); 1715 } 1716 1717 #define CASE(x) case x : return #x 1718 1719 static const char * 1720 mta_strstate(int state) 1721 { 1722 switch (state) { 1723 CASE(MTA_INIT); 1724 CASE(MTA_BANNER); 1725 CASE(MTA_EHLO); 1726 CASE(MTA_HELO); 1727 CASE(MTA_STARTTLS); 1728 CASE(MTA_AUTH); 1729 CASE(MTA_AUTH_PLAIN); 1730 CASE(MTA_AUTH_LOGIN); 1731 CASE(MTA_AUTH_LOGIN_USER); 1732 CASE(MTA_AUTH_LOGIN_PASS); 1733 CASE(MTA_READY); 1734 CASE(MTA_MAIL); 1735 CASE(MTA_RCPT); 1736 CASE(MTA_DATA); 1737 CASE(MTA_BODY); 1738 CASE(MTA_EOM); 1739 CASE(MTA_LMTP_EOM); 1740 CASE(MTA_RSET); 1741 CASE(MTA_QUIT); 1742 default: 1743 return "MTA_???"; 1744 } 1745 } 1746